Where to put auto-login using cookies code?
#1

[eluser]leonardteo[/eluser]
Hey guys,

So this is probably a really basic question but I'm wondering where the best place is to put code that processes cookies and does an auto login?

Basically, when you login to the site I will set a user_id and a hashed password as cookies. When you come back, it should automatically read the cookies, attempt to login, load your profile and set it in a session.

Anyone know where I should put this? Hooks?

Leo
#2

[eluser]Jondolar[/eluser]
I think you would want to put a call to your auto-login function at the top of your controller function(s) that have a login requirement.
#3

[eluser]leonardteo[/eluser]
And what about if I wanted it to be site-wide?

Just trying to reduce redundancy....

L.
#4

[eluser]jedd[/eluser]
If only we had a [url="/wiki/FAQ"]FAQ[/url] for this kind of thing.
#5

[eluser]leonardteo[/eluser]
I literally just worked it out... sharing and hopefully others will find this code here.

This is very simple and I have not yet properly put in all the error checks, etc. It's here as a skeleton for others to figure it out..... I had searched high and low for how to do this and couldn't find an easy way (and I didn't want to use a pre-built library).


In your libraries directory, create a new file "autologin.php"

Here's the code in mine. Modify as you wish.

Code:
<?php

if ( ! defined('BASEPATH')) exit('No direct script access allowed');

/* The following hook checks if the user has a login cookie and processes that */
class Autologin {
    
    var $CI;
    
    //Constructor (PHP 5+ syntax; current PHP no longer treats a method named after the class as a constructor)
    function __construct(){
        
        $this->CI =& get_instance();
        $this->CI->load->library('session');
        $this->CI->load->helper('cookie');
        $this->CI->load->database();
        
        //if cookies are present, attempt login
        if ($this->CI->session->userdata('logged_in') != TRUE){
            $user_id = get_cookie('user_id');
            $password = get_cookie('password');
            
            //If no cookies set
            if ($user_id == false || $password == false){
                $this->logout();
                return; //nothing to check, so stop here instead of querying the database
            }
            
            $this->CI->load->model('User_model');
            $user = $this->CI->User_model->get_user_by_id($user_id);
            if ($user == false) {
                //User doesn't exist, kill
                $this->logout();
            } else {
                //attempt login (strict comparison, so two different hash strings that look numeric are never treated as equal)
                if ($user->password === $password){
                    //Successful login
                    //reset cookie
                    $user_cookie = array(
                       'name'   => 'user_id',
                       'value'  => $user->id,
                       'expire' => '100000',
                    );
                    $password_cookie = array(
                       'name'   => 'password',
                       'value'  => $user->password,
                       'expire' => '100000',
                    );
                    
                    set_cookie($user_cookie);
                    set_cookie($password_cookie);
                    
                    //set session data
                    $sessiondata = array('logged_in' => TRUE, 'user_id' => $user->id);
                    $this->CI->session->set_userdata($sessiondata);
                    
                } else {
                    //Foobar - kill
                    $this->logout();
                }
            }
            
        }

    }
    
    function logout(){
        delete_cookie('user_id');
        delete_cookie('password');
        $sessiondata = array('logged_in' => FALSE);
        $this->CI->session->set_userdata($sessiondata);                    
    }
    
    
}
?>


Then simply add 'autologin' to your config/autoload.php as one of the libraries loaded.

The above code assumes that you have a model called 'User_model' with a function get_user_by_id($user_id).

//Edit
Note that the password should be hashed. Never store plain text passwords in cookies. In my implementation above, I had stored hashed passwords in the database.

L.
#6

[eluser]Colin Williams[/eluser]
Saving a user's password in a cookie just seems like a bad idea. What's wrong with just having a longer expiration on the session? I never saw the usefulness of "auto-login." Just leave em logged in until the session expires.
#7

[eluser]leonardteo[/eluser]
[quote author="Colin Williams" date="1259725021"]Saving a user's password in a cookie just seems like a bad idea. What's wrong with just having a longer expiration on the session? I never saw the usefulness of "auto-login." Just leave em logged in until the session expires.[/quote]

...what I should have added is that the password is hashed. Yeah... the above script does not save a plain-text password on a cookie.

On that note... I think a lot of sites use this same system where they store a hashed password as a cookie on the client machine. Whether it's a good idea or not, I won't argue.... just wanted to clarify that's all.

Leonard
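
Added example, not part of the thread or of anyone's posted code: one way to do the auto-login discussed above without placing the password hash in the cookie, using a random single-use token instead. The function names, the in-memory `$store` (standing in for a database table) and the 14-day lifetime are assumptions made for illustration.

```php
<?php
// Added example: remember-me token in place of a password hash in the cookie.
// $store is a constructed in-memory stand-in for a database table (hypothetical schema).

const REMEMBER_TTL = 1209600; // 14 days in seconds, an assumed lifetime

// Issue a token at login and return the cookie value "selector:validator".
// Only a SHA-256 hash of the validator is kept server-side.
function remember_issue(array &$store, int $userId, int $now): string {
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret half, never stored as-is
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => $now + REMEMBER_TTL,
    ];
    return $selector . ':' . $validator;
}

// Check a cookie value. Returns [user_id, replacement_cookie] or null.
function remember_check(array &$store, $cookie, int $now): ?array {
    if (!is_string($cookie) || substr_count($cookie, ':') !== 1) {
        return null;                         // missing or malformed cookie
    }
    list($selector, $validator) = explode(':', $cookie);
    if (!isset($store[$selector])) {
        return null;                         // unknown or already used
    }
    $row = $store[$selector];
    unset($store[$selector]);                // single use, whatever the outcome
    if ($row['expires'] < $now) {
        return null;                         // token too old
    }
    if (!hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;                         // constant-time mismatch check
    }
    // Valid: rotate, so a copied cookie stops working after the next visit.
    return [$row['user_id'], remember_issue($store, $row['user_id'], $now)];
}

// Constructed walk-through with user id 42
$store  = [];
$now    = time();
$cookie = remember_issue($store, 42, $now);
$first  = remember_check($store, $cookie, $now);   // first use of the cookie
$replay = remember_check($store, $cookie, $now);   // same cookie presented again
$late   = remember_check($store, $first[1], $now + REMEMBER_TTL + 1); // after expiry
var_dump($first[0], $replay, $late);
```

With this layout, logging out or changing the password only requires deleting that user's rows from the store, and the password hash never leaves the server.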



